The Slammer worm is considered one of the most destructive attacks to have spread across the Internet.
The Slammer worm, more commonly known as the SQL Slammer worm, is infamous for its DoS (denial-of-service) attack on various Internet hosts. The attack occurred on January 25, 2003 at 5:30 pm, infecting more than 75,000 machines within ten minutes. Despite the name, the Slammer worm didn't use the SQL language as its method of exploitation; instead, it exploited a buffer overflow condition in the Microsoft-branded SQL Server and other database products.
Slammer was first detected on the Internet on the 25th of January 2003 at 05:30 GMT. After that it was detected in most countries around the world. However, there are unconfirmed reports of traces of the worm being spotted as early as January 20th.
The worm generates massive amounts of network packets, overloading servers and routers and slowing down network traffic. According to many reports, as many as 5 of the 13 Internet root nameservers were down because of this on Saturday the 25th.
This worm does not infect typical end user machines at all: it only infects computers running Microsoft SQL Server 2000 or MSDE 2000. This worm is not a mass mailer: it does not send any e-mails.
The worm only spreads as an in-memory process: it never writes itself to the hard drive. As the worm does not infect any files, an infected machine can be cleaned by simply rebooting the machine. However, it will soon get reinfected if the machine is connected to the network without applying relevant patches for MS SQL Server.
Since the worm code does not have any delay in the scanning loop, it generates a massive amount of network traffic as a side effect. Slammer does not have any intentional payload or strings inside.
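Because the worm lives only in memory and scans without any delay, it is visible in network telemetry rather than on disk. The following is an added example (not from the original post) that flags sources whose count of distinct destinations per time window exceeds a threshold; the flow-record layout, addresses and threshold are constructed assumptions.

```python
from collections import defaultdict


def make_sample_flows():
    """Constructed flow records: (epoch_second, src_ip, dst_ip, dst_port, proto)."""
    flows = []
    # Ordinary client: repeated connections to the same two servers.
    for t in range(10):
        flows.append((1000 + t, "10.0.0.5", "10.0.1.%d" % (1 + t % 2), 443, "tcp"))
    # Host behaving like the delay-free scanning loop: every packet goes to a
    # new address. UDP 1434 (SQL Server Resolution Service) is the port Slammer
    # is known to have targeted; the page itself does not state it.
    for i in range(600):
        dst = "198.51.%d.%d" % (i // 250, i % 250 + 1)
        flows.append((1000 + i // 200, "10.0.0.9", dst, 1434, "udp"))
    return flows


def find_scanners(flows, window=1, max_new_dsts=50):
    """Return {src: peak distinct destinations in any window} for noisy sources.

    window        -- bucket size in seconds
    max_new_dsts  -- assumed threshold; tune it against a baseline of normal traffic
    """
    seen = defaultdict(set)  # (src, window index) -> distinct destinations
    for ts, src, dst, dport, proto in flows:
        seen[(src, ts // window)].add((dst, dport, proto))

    peaks = defaultdict(int)
    for (src, _bucket), dsts in seen.items():
        peaks[src] = max(peaks[src], len(dsts))

    # Strictly greater than the threshold, so a host sitting exactly at the
    # limit is not reported.
    return {src: n for src, n in peaks.items() if n > max_new_dsts}


if __name__ == "__main__":
    for src, peak in find_scanners(make_sample_flows()).items():
        print("possible scanning host %s: %d distinct destinations in one second" % (src, peak))
```

A host flagged this way can be isolated and patched before it is reconnected, which matters here because a reboot alone clears the worm but leaves the machine open to reinfection.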
Removal:
Removal of this infection can permanently damage your system if any mistakes are made in the process. Thus, manual removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend malware and spyware removal applications.
Prevention:
After removing all the infected files, update your Security Software, check the Firewall Settings and the Operating System and finally do a full system scan with the Security Software.